About the Splunk Add-on for Unix and Linux

The Splunk Add-on for Unix and Linux collects *nix data from *nix hosts. You can install the Splunk Add-on for Unix and Linux on a forwarder to send data from any number of *nix hosts to a Splunk Enterprise indexer or group of indexers. You can also use the add-on to provide data for other apps, such as Splunk IT Service Intelligence or Splunk Enterprise Security.

The Splunk Add-on for Unix and Linux collects the following data using file inputs:

Changes to files in the /etc directory and subdirectories.

Changes to files in the /var/log directory and subdirectories.

The add-on collects the following data with scripted inputs:

bandwidth.sh: Network statistics via the shell commands dlstat, netstat, and sar

cpu.sh: CPU statistics via the shell commands sar, mpstat, and iostat

df.sh: Free disk space for each mount point via the shell commands df, mount, and fstyp

This documentation applies to the following versions of Splunk® Add-on for Unix and Linux:
6.0.0

Comments

Hi Uthornander,

We're evaluating this functionality for a future release but we do not currently have a timeline available.

Nkaplan splunk, Splunker

September 11, 2019

When will Chrony be supported?
It's now the default time synch mechanism in both RH and CentOS.

Uthornander splunk, Splunker

September 10, 2019

Thank you for submitting your question to the Splunk documentation team. For issues this specific, we suggest that you post the question to Splunk Answers (http://answers.splunk.com) so the broader community of Splunk customers and employees can help you. Alternatively, file a Support case via the Support portal (https://login.splunk.com/page/sso_redirect?type=portal) if you have an active Support entitlement.

Ccornell splunk, Splunker

August 1, 2019

How would I make a copy of the df.sh script and change it to do df -TPi instead of df -TPh and get it to run? I would like them both to run simultaneously?
